RE: Changes in IDS Companies?

From: Brian Brotschi (brian.brotschi@sygate.com)
Date: 10/17/02


From: Brian Brotschi <brian.brotschi@sygate.com>
To: "J. Foobar" <jfoobar1@yahoo.com>, Avi Chesla <avic@V-Secure.com>, focus-ids@securityfocus.com
Date: Wed, 16 Oct 2002 18:40:55 -0700

Hello All;
vendor disclosure = I am employed by Sygate Technologies
My observations of this topic over the past few years have led me to
believe that IDS is best used as an enabling technology which, when properly
implemented, can lead to host systems which are more secure than without IDS.
The whole premise of inspecting all traffic which is observed by either
network sensors or host-based sensors has many inefficiencies, namely the
amount of data which needs to be inspected to ferret out the bad from the
good and then reporting it over long periods of time to quantify the actual
risk.
A very real analogy can be drawn between how protocol analysis was
originally used and then morphed into making IDS more efficient; the same
analogy should be applied to IDS technologies, and how they can be used to
make systems more secure.
The approach which Sygate has taken is to apply IDS to traffic destined
within a host to specific executable programs, thereby significantly
reducing the rate of false positives. This I feel is the first step in the
right direction. The subject of this message focuses on "changes in IDS
companies", perhaps a more compelling subject would be "how best to apply
IDS generated information to real world security threats & vulnerabilities"
and what companies are best positioned to execute on this goal.
Brian M Brotschi
Sygate Technologies, Inc.
Director of Security Solutions
Business: 510-742-2642
Fax: 208-723-1666
Cell: 408-489-4157
Email: brian.brotschi@sygate.com
http://www.sygate.com
Yahoo ID = brian_brotschi
mobile=bbrotschi@vtext.com
--------------------------------------------
The information transmitted is intended only for the person to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon, this information by persons or entities other than
the intended recipient is prohibited. If you received this in error,
please contact the sender and delete the material from any computer.

-----Original Message-----
From: J. Foobar [mailto:jfoobar1@yahoo.com]
Sent: Tuesday, October 15, 2002 11:10 PM
To: Avi Chesla; focus-ids@securityfocus.com
Cc: 'Samuel Cure'
Subject: RE: Changes in IDS Companies?

I remember reading an article on SF a year or more ago
entitled "The Future of IDS" or something to that
effect, wherein the author predicted the demise of
separate NIDS and HIDS to be replaced with reactive
all-encompassing systems relying on a few carefully
placed network monitors and aggressively reactive
host-based systems.

Was he right?

--- Avi Chesla <avic@V-Secure.com> wrote:
> I totally agree with you. Next generation IDS, also
> being called Intrusion
> Prevention Systems or Perimeter Security devices, are
> the next step in the
> evolution of the Traditional Intrusion Detection
> Systems. Vendors such as
> Intruvert, Tipping point, Vsecure Technologies,
> Lancope, Forescout,
> TopLayer (Mitigator) etc., are examples of some.
> All these vendors claim to have an Intrusion
> Prevention System which
> usually has some kind of Adaptive capabilities;
> they do behavioral and
> protocol analysis and are not based on attack
> signatures (most of them), they
> sit in-line (most of them), they mitigate attacks
> without being dependent on
> other products to do the blocking...
>
> Best Regards,
>
> Avi Chesla
> Director of Research
> Vsecure Technologies, Inc.
> www.v-secure.com
>
> -----Original Message-----
> From: Samuel Cure [mailto:scure@netpierce.net]
> Sent: Monday, October 14, 2002 10:54 PM
> To: focus-ids@securityfocus.com
> Subject: Changes in IDS Companies?
>
>
> Just noticing some changes with some known IDS
> companies and wanted some
> feedback from the community. Because Marcus Ranum
> left NFR earlier this year
> and Ron Gula has left Enterasys Networks, I am
> questioning the future of
> some early-on IDS companies. I mentioned some time
> ago that the IDS market
> will eventually consolidate and it seems like things
> are moving in that
> direction.
>
>
> To further reinforce my point, word on the street is
> TippingPoint is now
> seeking someone to buy them out. Does anyone
> else have anything that
> could help validate this or these types of trends in
> IDS companies?
>
>
>
> Thanks in advance!
>
> -------------------
> Samuel J. Cure
> Security Specialist
> NetPierce Security Services
> www.netpierce.net
> -------------------
>



